diff --git a/cmd/podman/auto-update.go b/cmd/podman/auto-update.go
index ae54559b6a..c4aa25df9f 100644
--- a/cmd/podman/auto-update.go
+++ b/cmd/podman/auto-update.go
@@ -68,8 +68,10 @@ func autoUpdate(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("`%s` takes no arguments", cmd.CommandPath())
 	}
 
-	if err := auth.CheckAuthFile(autoUpdateOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(autoUpdateOptions.Authfile); err != nil {
+			return err
+		}
 	}
 	if cmd.Flags().Changed("tls-verify") {
 		autoUpdateOptions.InsecureSkipTLSVerify = types.NewOptionalBool(!autoUpdateOptions.tlsVerify)
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 1f523fca49..ef58af06a3 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -156,8 +156,10 @@ func create(cmd *cobra.Command, args []string) error {
 		imageName = name
 	}
 
-	if err := auth.CheckAuthFile(cliVals.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(cliVals.Authfile); err != nil {
+			return err
+		}
 	}
 
 	s := specgen.NewSpecGenerator(imageName, cliVals.RootFS)
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index f3037c0810..51fc431b5b 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -115,8 +115,10 @@ func run(cmd *cobra.Command, args []string) error {
 		logrus.Warnf("The input device is not a TTY. The --tty and --interactive flags might not work properly")
 	}
 
-	if err := auth.CheckAuthFile(cliVals.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(cliVals.Authfile); err != nil {
+			return err
+		}
 	}
 
 	runOpts.CIDFile = cliVals.CIDFile
diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go
index 85736a1d0c..a8d7f2b39d 100644
--- a/cmd/podman/containers/runlabel.go
+++ b/cmd/podman/containers/runlabel.go
@@ -90,8 +90,10 @@ func runlabel(cmd *cobra.Command, args []string) error {
 	if cmd.Flags().Changed("tls-verify") {
 		runlabelOptions.SkipTLSVerify = types.NewOptionalBool(!runlabelOptions.TLSVerifyCLI)
 	}
-	if err := auth.CheckAuthFile(runlabelOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(runlabelOptions.Authfile); err != nil {
+			return err
+		}
 	}
 	return registry.ContainerEngine().ContainerRunlabel(context.Background(), strings.TrimPrefix(args[0], "/"), args[1], args[2:], runlabelOptions.ContainerRunlabelOptions)
 }
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index d62704e576..3f6668ef45 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -363,8 +363,10 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
 		}
 	}
 
-	if err := auth.CheckAuthFile(flags.Authfile); err != nil {
-		return nil, err
+	if c.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(flags.Authfile); err != nil {
+			return nil, err
+		}
 	}
 
 	commonOpts, err := parse.CommonBuildOptions(c)
diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go
index 1e5552bfab..4604565e2d 100644
--- a/cmd/podman/images/pull.go
+++ b/cmd/podman/images/pull.go
@@ -136,8 +136,10 @@ func imagePull(cmd *cobra.Command, args []string) error {
 	if cmd.Flags().Changed("tls-verify") {
 		pullOptions.SkipTLSVerify = types.NewOptionalBool(!pullOptions.TLSVerifyCLI)
 	}
-	if err := auth.CheckAuthFile(pullOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(pullOptions.Authfile); err != nil {
+			return err
+		}
 	}
 	platform, err := cmd.Flags().GetString("platform")
 	if err != nil {
diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go
index 3ae24848e7..084550e43f 100644
--- a/cmd/podman/images/push.go
+++ b/cmd/podman/images/push.go
@@ -173,8 +173,10 @@ func imagePush(cmd *cobra.Command, args []string) error {
 		pushOptions.SkipTLSVerify = types.NewOptionalBool(!pushOptions.TLSVerifyCLI)
 	}
 
-	if err := auth.CheckAuthFile(pushOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(pushOptions.Authfile); err != nil {
+			return err
+		}
 	}
 
 	if pushOptions.CredentialsCLI != "" {
diff --git a/cmd/podman/images/search.go b/cmd/podman/images/search.go
index a9204d220f..ef8c1e2be7 100644
--- a/cmd/podman/images/search.go
+++ b/cmd/podman/images/search.go
@@ -138,8 +138,10 @@ func imageSearch(cmd *cobra.Command, args []string) error {
 		searchOptions.SkipTLSVerify = types.NewOptionalBool(!searchOptions.TLSVerifyCLI)
 	}
 
-	if err := auth.CheckAuthFile(searchOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(searchOptions.Authfile); err != nil {
+			return err
+		}
 	}
 
 	if searchOptions.CredentialsCLI != "" {
diff --git a/cmd/podman/images/sign.go b/cmd/podman/images/sign.go
index 9b1bc11057..66bc55bcbe 100644
--- a/cmd/podman/images/sign.go
+++ b/cmd/podman/images/sign.go
@@ -56,8 +56,10 @@ func init() {
 }
 
 func sign(cmd *cobra.Command, args []string) error {
-	if err := auth.CheckAuthFile(signOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(signOptions.Authfile); err != nil {
+			return err
+		}
 	}
 	if signOptions.SignBy == "" {
 		return errors.New("no identity provided")
diff --git a/cmd/podman/kube/play.go b/cmd/podman/kube/play.go
index 0a375bba6b..b830f97d66 100644
--- a/cmd/podman/kube/play.go
+++ b/cmd/podman/kube/play.go
@@ -217,8 +217,10 @@ func play(cmd *cobra.Command, args []string) error {
 	if cmd.Flags().Changed("build") {
 		playOptions.Build = types.NewOptionalBool(playOptions.BuildCLI)
 	}
-	if err := auth.CheckAuthFile(playOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(playOptions.Authfile); err != nil {
+			return err
+		}
 	}
 	if playOptions.ContextDir != "" && playOptions.Build != types.OptionalBoolTrue {
 		return errors.New("--build must be specified when using --context-dir option")
diff --git a/cmd/podman/manifest/add.go b/cmd/podman/manifest/add.go
index 09a1a9a36f..490be688b9 100644
--- a/cmd/podman/manifest/add.go
+++ b/cmd/podman/manifest/add.go
@@ -93,8 +93,10 @@ func init() {
 }
 
 func add(cmd *cobra.Command, args []string) error {
-	if err := auth.CheckAuthFile(manifestAddOpts.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(manifestAddOpts.Authfile); err != nil {
+			return err
+		}
 	}
 
 	if manifestAddOpts.CredentialsCLI != "" {
diff --git a/cmd/podman/manifest/inspect.go b/cmd/podman/manifest/inspect.go
index a10833a705..c81bbaf63f 100644
--- a/cmd/podman/manifest/inspect.go
+++ b/cmd/podman/manifest/inspect.go
@@ -44,8 +44,10 @@ func init() {
 }
 
 func inspect(cmd *cobra.Command, args []string) error {
-	if err := auth.CheckAuthFile(inspectOptions.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(inspectOptions.Authfile); err != nil {
+			return err
+		}
 	}
 	if cmd.Flags().Changed("tls-verify") {
 		inspectOptions.SkipTLSVerify = types.NewOptionalBool(!tlsVerifyCLI)
diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go
index 24d0a7eebd..bf25951b44 100644
--- a/cmd/podman/manifest/push.go
+++ b/cmd/podman/manifest/push.go
@@ -114,8 +114,10 @@ func init() {
 }
 
 func push(cmd *cobra.Command, args []string) error {
-	if err := auth.CheckAuthFile(manifestPushOpts.Authfile); err != nil {
-		return err
+	if cmd.Flags().Changed("authfile") {
+		if err := auth.CheckAuthFile(manifestPushOpts.Authfile); err != nil {
+			return err
+		}
 	}
 	listImageSpec := args[0]
 	destSpec := args[len(args)-1]
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 2619137074..50287ed57a 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -1163,10 +1163,11 @@ EOF
     #
     # Table format is:
     #   podman command | arguments | '-' if it does not work with podman-remote
+    echo "from $IMAGE" > $PODMAN_TMPDIR/Containerfile
     tests="
 auto-update          |                  | -
 build                | $PODMAN_TMPDIR   |
-container runlabel   | $IMAGE argument  | -
+container runlabel   | run $IMAGE       | -
 create               | $IMAGE argument  |
 image sign           | $IMAGE           | -
 kube play            | argument         |
@@ -1176,7 +1177,7 @@ manifest inspect     | $IMAGE           |
 manifest push        | $IMAGE argument  |
 pull                 | $IMAGE argument  |
 push                 | $IMAGE argument  |
-run                  | $IMAGE argument  |
+run                  | $IMAGE false     |
 search               | $IMAGE           |
 "
 
@@ -1197,6 +1198,12 @@ search               | $IMAGE           |
         run_podman 125 $command --authfile=$bogus $args
         assert "$output" = "Error: checking authfile: stat $bogus: no such file or directory" \
            "$command --authfile=nonexistent-path"
+
+        if [[ "$command" != "logout" ]]; then
+           REGISTRY_AUTH_FILE=$bogus run_podman ? $command $args
+           assert "$output" !~ "checking authfile" \
+              "$command REGISTRY_AUTH_FILE=nonexistent-path"
+        fi
     done < <(parse_table "$tests")
 }